by andrew

PHPCon PL 2011, Day 1

The beginning of PHPCon 2011 in Mąchocice near Kielce wasn’t anything special. To be more honest and maybe even ruthless: it was boring and a complete waste of time. My friends who came with me and I were really disappointed. And as I looked at the faces of the other attendees, the feelings were similar or the same.

The first talk was about geolocation and maps by Derick Rethans. It wasn’t anything special; however, in my personal opinion it was nice as something to start with. I even got interested in the Open Maps project and in my free time I’d like to check it out and play with it a little bit. The second presentation was the worst one. It was about the Yii PHP framework. The author seemed not prepared at all. I’m not an expert in the domain of PHP frameworks but I know Symfony, and after the presentation, Yii doesn’t have anything else/better than Symfony. Therefore, why should we use it? Well, the speaker couldn’t answer this question. However, he was passionate. He didn’t create or contribute to creating the framework but he wanted to share his positive feelings about it. Unfortunately, the audience seemed immune to “his magic”. The last presentation on the first day of the conference was about making PHP programmers more productive. This presentation didn’t blow our minds either. In short: it was about quitting the mouse and starting to use keyboard shortcuts.

Right now I’m just after the first presentation of the second day. It was about the security of PHP applications. The young and very charismatic speaker, Przemysław Pawliczuk (mostly known as eRIZ), did a great job with this one. He gave us examples of basic attacks like SQL injection, Cross-Site Request Forgery, or Cross-Site Scripting. He also showed the source of “Rebbecca Troy” (if I remembered the name correctly), which is quite interesting because it tests the victim’s machine for every possible way PHP can be used: sending an e-mail, querying a database, dumping a database, etc. At the end, if all those tests fail (there is no hole which could be used to attack), it puts compiled C code which will observe traffic on the victim’s machine. So, the second day of PHPCon started more interestingly than the first.